Reverse Engineering Stack Exchange is a question and answer site for researchers and developers who explore the principles of a system through analysis of its structure, function, and operation.

I recently bought a KKmoon Portable RFID 125KHz Proximity Smart EM Card USB ID Reader from Amazon. I'm not currently able to locate a datasheet for the device. It reads tag IDs and prints them in plaintext over USB (presumably as keyboard input). The benefit of this device is that it's cheap and it works (as claimed) on multiple platforms including Android, which is a plus for me.

My question is how to figure out what sort of hidden features and "modes" (especially) are available for this device? For example, I would assume that the underlying hardware is able to sniff all communications on the 125 kHz channel. How would I go about getting the device to print all of this information over USB in whatever format it comes in? I'm thinking along the lines of turning the capabilities of this reader into a Chameleon-like sniffer device for the 125 kHz spectrum.

I can write C / kernel code that will enumerate the ioctls of the device if this would be useful. Can someone please pass on some pointers about the reverse engineering aspects of this project? Many thanks.

This C code may be useful, but I'm not quite sure what it does and how to extend the command set.
– mds Jun 5 '18 at 10:28

The scope of this question is quite broad. If you want to understand how the device works then acquire the firmware and reverse engineer it. You should look at the hardware as well in order to determine the target architecture of the firmware. Please do your research: 1) How to make your own BadUSB; 2) Glitching USB firmware for fun.
– julian♦ Jun 7 '18 at 0:53
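As an added example (not code from the question or either comment), the first non-invasive check before going after the firmware: read the reader's VID/PID and HID report descriptor through the hidraw ioctls the asker mentions, and check whether the descriptor advertises anything beyond a keyboard page (a vendor-defined usage page or more than one report ID means the device exposes a report type besides keystrokes). The parser runs stand-alone on constructed descriptors; the `/dev/hidraw0` path and the sample descriptors are assumptions, since no datasheet for this reader is on the page.

```c
#include <stdint.h>
#include <stdio.h>
struct hid_summary { int has_keyboard, vendor_pages, report_ids; };
/* Walk the short items of a HID report descriptor (prefix byte = tag:4 type:2 size:2), noting
 * Usage Page 0x07 (keyboard), vendor-defined Usage Pages 0xFF00-0xFFFF and Report ID items.
 * Returns -1 on a truncated descriptor or a long item (0xFE), which this scanner does not handle. */
int scan_report_descriptor(const uint8_t *d, size_t len, struct hid_summary *s)
{
    s->has_keyboard = s->vendor_pages = s->report_ids = 0;
    for (size_t i = 0; i < len;) {
        uint8_t prefix = d[i++], type = (prefix >> 2) & 3, tag = prefix >> 4;
        size_t size = (prefix & 3) == 3 ? 4 : (prefix & 3);
        if (prefix == 0xFE || i + size > len) return -1;
        uint32_t val = 0;
        for (size_t k = 0; k < size; k++) val |= (uint32_t)d[i + k] << (8 * k);
        i += size;
        if (type != 1) continue;                      /* only Global items are of interest here */
        if (tag == 0x0 && val == 0x07) s->has_keyboard = 1;
        if (tag == 0x0 && val >= 0xFF00 && val <= 0xFFFF) s->vendor_pages++;
        if (tag == 0x8) s->report_ids++;
    }
    return 0;
}
/* Bitmask view: 1 = keyboard page, 2 = vendor page(s), 4 = more than one Report ID; -1 = bad descriptor. */
int descriptor_flags(const uint8_t *d, size_t len)
{
    struct hid_summary s;
    if (scan_report_descriptor(d, len, &s) < 0) return -1;
    return s.has_keyboard | (s.vendor_pages ? 2 : 0) | (s.report_ids > 1 ? 4 : 0);
}
#ifdef __linux__
#include <fcntl.h>
#include <unistd.h>
#include <sys/ioctl.h>
#include <linux/hidraw.h>
/* Read VID/PID and the live report descriptor of a hidraw node (assumed: /dev/hidraw0) and scan it. */
int inspect_hidraw(const char *path, struct hid_summary *s)
{
    struct hidraw_devinfo info;
    struct hidraw_report_descriptor rd;
    int fd = open(path, O_RDONLY), size = 0;
    int ok = fd >= 0 && ioctl(fd, HIDIOCGRAWINFO, &info) == 0 && ioctl(fd, HIDIOCGRDESCSIZE, &size) == 0;
    rd.size = (uint32_t)size;
    ok = ok && ioctl(fd, HIDIOCGRDESC, &rd) == 0;
    if (fd >= 0) close(fd);
    if (!ok) return -1;
    printf("%s: VID %04x PID %04x, %d-byte descriptor\n", path, (unsigned)(info.vendor & 0xFFFF), (unsigned)(info.product & 0xFFFF), size);
    return scan_report_descriptor(rd.value, rd.size, s);
}
#endif
```

Call `inspect_hidraw("/dev/hidraw0", &s)` from a `main` with the reader plugged in; a descriptor that carries only Usage Page 0x07 tells you keystrokes are all the device exposes over HID, and anything further has to come from the firmware, as julian's comment says.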